HearBest HIPAA Notice of Privacy Practices (NPP) for Protected Health Information (PHI)
Last updated: 4/04/2025
HIPAA Compliance and Health Information Privacy
As a hearing healthcare provider in Indiana, HearBest is considered a “covered entity” under the Health Insurance Portability and Accountability Act (HIPAA) and is committed to complying with all federal and state requirements for protecting your health information.
What is Protected Health Information (PHI)?
Protected Health Information includes any individually identifiable health information we create, receive, maintain, or transmit, including:
- Hearing test results and audiograms
- Diagnoses and treatment plans
- Billing and payment information
- Demographic information when connected to your health information
- Appointment scheduling and history
How We Protect Your Health Information
We implement administrative, technical, and physical safeguards to protect the confidentiality, integrity, and availability of your electronic protected health information (e-PHI) as required by the HIPAA Security Rule. These safeguards include:
- Encryption of electronic health information
- Secure physical storage of paper records
- Access controls limiting who can view your information
- Staff training on privacy and security procedures
- Regular security risk assessments
Your Rights Under HIPAA
As an Indiana resident, you have the following rights regarding your health information:
- Right to access and obtain copies of your health records
- Right to request corrections to your health information
- Right to receive an accounting of disclosures of your PHI
- Right to request restrictions on certain uses and disclosures
- Right to request confidential communications
- Right to be notified of a breach of your unsecured PHI
When We May Disclose Your Information
We may use or disclose your health information without your authorization in limited circumstances, including:
- For treatment purposes
- For payment and healthcare operations
- When required by law
- For public health activities
- To avert a serious threat to health or safety
In most other cases, we will obtain your written authorization before using or disclosing your health information.
Indiana-Specific Requirements
In addition to federal HIPAA requirements, Indiana law provides specific protections for health information:
- We respond to requests for access to health records within 30 days
- We follow Indiana’s fee schedule for medical record reproduction
- We adhere to Indiana’s breach notification requirements
HIPAA Breach Notification
In the event of a breach of your unsecured PHI, we will notify you as required by the HIPAA Breach Notification Rule, which may include written notification, website notice, or media notice depending on the circumstances.